Recently, personal information has frequently been leaked through the hacking of web servers of Internet shopping malls, communication sites, and the like.
As an example, there was an incident in which a hacker, having hacked a web server, posed as an authorized user, collected customers' personal information from a database (DB), stored the collected personal information as a file in a specific folder of the web server, and transmitted the file over a network, thereby leaking the customers' personal information.
In addition, there was a case in which files stored in a web server and a DB server were searched in order to leak personal information.
To prevent such problems, the "Personal Information Protection Act" and its enforcement notification, "Technical Management Protection Measure of Personal Information", were enforced in September, 2011. The protection of personal information is therefore becoming increasingly important in terms of compliance.
Moreover, although the security functions of firewalls and intrusion detection systems (IDS) have advanced considerably, hacking techniques and programs, as in reverse telnet, that disguise a remote command transferred from the personal computer (PC) of an external hacker to a web server as normal Hypertext Transfer Protocol (HTTP) traffic are being distributed, so it is becoming more difficult to protect personal information.
In a related-art personal information protection system, a method was proposed in which a diagnosis system downloads the data files associated with the homepage of a web server over the File Transfer Protocol (FTP), checks whether the data files include personal information, deletes or encrypts the personal information included in the data files, and uploads the resulting data files again.
However, the proposed method can check only the specific directory area that stores the data (files and resources for providing a web service) associated with the homepage of the web server.
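The coverage gap described above, shown as an added example that is not part of the original text: a scanner run over a local copy of the files (as if already downloaded) checks only the homepage directory and misses a file holding personal information in another folder. The e-mail and phone patterns, the directory names, and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed patterns for illustration; the page does not define what counts as personal information.
PII_PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "phone": re.compile(r"\b\d{2,3}-\d{3,4}-\d{4}\b"),
}

def redact_text(text):
    """Delete matches by replacing each with a marker naming the pattern."""
    for kind, pattern in PII_PATTERNS.items():
        text = pattern.sub(f"[{kind} removed]", text)
    return text

def scan_tree(root):
    """Return {relative path: {pattern: count}} for files under root with matches."""
    findings = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            hits = {k: len(p.findall(text)) for k, p in PII_PATTERNS.items()}
            hits = {k: n for k, n in hits.items() if n}
            if hits:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings[rel] = hits
    return findings

# Constructed sample layout: a homepage directory and a folder outside it.
SAMPLE_FILES = {
    "htdocs/index.html": "<h1>Shop</h1>",
    "htdocs/board/post1.txt": "Contact: kim@example.com, 010-1234-5678",
    "tmp/export.csv": "name,email\nLee,lee@example.com\n",
}

def demo():
    with tempfile.TemporaryDirectory() as base:
        for rel, body in SAMPLE_FILES.items():
            path = os.path.join(base, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(os.path.join(base, "htdocs")), scan_tree(base)
```

`demo()` returns the findings for the homepage directory alone and for the whole sample tree; only the second contains `tmp/export.csv`.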